
Evolving Cybersecurity Threats and the Australian Response: Shields and Startups with Leon Liberchuk

  • Writer: Juan Allan
  • 1 day ago

Leon Liberchuk discusses evolving cybersecurity threats, regulatory impacts, and talent shortages shaping how Australian organisations protect against ransomware, phishing, and data breaches



Australian organisations are shifting their cybersecurity focus from perimeter-based defense to managing identity-centric threats, driven by the escalating frequency and sophistication of ransomware, business email compromise, and AI-powered social engineering.


We spoke with Leon Liberchuk, a cybersecurity expert, to explore the evolving digital threats facing Australian organisations. We'll examine the conjecture that their defense strategies are pivoting from traditional walls to protecting user identities and access points.


Leon will help us understand this shift, the sectors leading in cybersecurity investment, and the critical skills needed to navigate this new landscape.


Interview with Leon Liberchuk


What are the main cybersecurity threats Australian organisations are currently prioritising, and how are these evolving year to year?


Currently, most Australian organisations are worried about three things: getting locked up, getting tricked, and getting exposed. “Locked up” is ransomware, where criminals encrypt your systems and demand payment to give you access back. “Tricked” is business email compromise and invoice scams that quietly redirect money to another bank account.


“Exposed” is the data breach that leaks customer or member information and ends up in the media. The Australian Signals Directorate (ASD), which runs Australia’s national cybersecurity operations, keeps warning that cyber incidents here are getting more frequent and more serious, with both criminal groups and government-backed attackers constantly changing tactics.


Year on year, what we see at GuardianOne is that attacks are less about “breaking through the firewall” and more about quietly abusing identity and trust. Cybercriminals target user logins rather than computers. They steal or hijack accounts, exploit third-party access, and send very convincing phishing emails, often written or improved with artificial intelligence.


At the same time, data breach reports to the Office of the Australian Information Commissioner (OAIC), the national privacy regulator, continue to climb, with the second half of 2024 recording the highest number of notifications since the scheme began. So for most Australian organisations, the focus has shifted from buying one more security tool to accepting that something will eventually get through, tightening identity and access controls, and making sure they can spot security issues and respond quickly.

Which sectors in Australia are driving the fastest growth in cybersecurity spending?


Financial services continue to lead the way. Banks, insurers and super funds have been investing heavily in cybersecurity for a long time due to strict rules imposed by the Australian Prudential Regulation Authority (APRA), the regulator for these sectors. APRA’s standard CPS 234 sets clear expectations for how they manage information security and report serious incidents, so these organisations invest more money into identity security, monitoring and managing risk across their suppliers.


Critical infrastructure owners and operators are now catching up quickly. Changes to the Security of Critical Infrastructure (SOCI) Act have expanded obligations across sectors such as energy, water, transport, telecommunications and data centres, including stronger requirements to protect “business critical” data systems.


Healthcare, along with all levels of government and large enterprises, is also increasing spending as it moves more services online and shifts more workloads into the cloud. Recent market research puts the Australian cybersecurity market at around AUD 7 to 9 billion in 2024, with analysts expecting solid double-digit growth over the coming years. On the ground, we even see mid-sized organisations treating cybersecurity as a core operating cost, like insurance or electricity, rather than an optional IT project.

What are the biggest talent or skills shortages impacting Australia’s cybersecurity industry, and how are companies addressing them?


Australia faces more of a people challenge than a technology challenge. We simply do not have enough experienced cyber professionals. The Australian Computer Society (ACS), the tech profession body, reports that the tech workforce surpassed one million workers in 2024, but we will need around 1.3 million tech workers by 2030, with cybersecurity and artificial intelligence skills identified as major pressure points. Sector studies suggest tens of thousands of additional cyber roles will be needed by 2030, in addition to the roles that are already hard to fill today.


The most challenging roles to hire for are the hands-on ones: security architects, incident responders, cloud and identity specialists, and people who understand both industrial systems and traditional IT. Organisations are responding in a few ways. Firstly, they are reskilling “near tech” workers, such as network engineers and developers, into cyber roles, which ACS has identified as a big opportunity.


Secondly, they are leaning more on managed IT and cybersecurity providers like GuardianOne to handle 24/7 security monitoring, threat hunting and incident response, instead of trying to build an in-house security operations centre from scratch.


Thirdly, they are partnering with universities and TAFEs (Technical and Further Education colleges) and with industry programs so graduates get real-world experience earlier rather than only learning after they are hired.

How is the Australian government supporting cybersecurity innovation and capacity building through grants, regulations, or public private partnerships?


The main umbrella is the Australian Cyber Security Strategy 2023 to 2030, which is the federal government’s long-term plan to make Australia one of the most cyber secure countries in the world by 2030. It comes with around 587 million Australian dollars in new funding and outlines six “cyber shields” that cover everyone from households and small businesses to critical infrastructure and the broader region.


Under that strategy, the government has created targeted programs such as the Small Business Cyber Resilience Service and a new Small Business Cyber Security Support Service hub, which funds providers to deliver practical help to small and medium-sized enterprises.


On the skills and innovation side, grants such as the Cyber Security Skills Partnership Innovation Fund and the Growing and Professionalising the Cyber Security Industry Program support joint projects between industry, universities and TAFEs to build cyber skills and to move towards a more formal national framework for cyber professionals.


Historically, organisations such as AustCyber, and Stone and Chalk, a major startup hub, have also helped connect cybersecurity startups with government, investors and early customers. From a GuardianOne point of view, the positive shift is away from one-off pilots and towards long-term capacity building, especially for smaller organisations that cannot realistically build all of this capability on their own.

What barriers do Australian cybersecurity startups face in accessing capital and scaling internationally?


Australia has strong cyber research and some excellent founders, but there is still a clear funding gap for early-stage companies. A recent submission to the government’s cyber strategy process highlighted that in 2024 only about 0.7 percent of Australian venture capital, roughly 29 million Australian dollars, went into early-stage cybersecurity companies, while countries like Israel attract several billion US dollars into cyber startups over a similar period.


That makes it hard for local cyber companies to raise meaningful seed and Series A rounds, even when they have globally competitive technology.


In addition, cybersecurity is a trust business. Winning a large enterprise or government customer in Australia usually means long sales cycles, detailed security reviews and regulatory considerations before real revenue is realised. For a small company with limited cash, that is tough.


The domestic market is also relatively small, so meaningful scale typically means expanding into the United States, Europe or Asia, which involves new regulations, different expectations and competition from very well funded global brands.


Reports from organisations such as AustCyber and Austrade, the Australian Trade and Investment Commission, make it clear that Australia is a strong cyber hub, but they also call for more private investment and better incentives to help local cyber companies commercialise, win big reference customers and expand internationally.

How are new regulatory requirements, such as critical infrastructure mandates and data breach reporting laws, shaping cybersecurity investment priorities in Australia?


Regulation is now one of the primary drivers behind why boards in Australia are increasing their spending on cybersecurity. For owners and operators of essential services, reforms to the SOCI Act have introduced “positive security obligations” that require them to register key assets, run formal risk management programs and report cyber incidents that affect critical operations or “business critical” data systems.


This is pushing sectors such as energy, water, transport and telecommunications to invest in better network segmentation, monitoring, backups, incident response and supplier oversight, rather than relying solely on traditional perimeter defences.

In financial services, APRA’s information security standard CPS 234 continually raises expectations for banks, insurers, and super funds, and by extension, for the technology suppliers that support them. Privacy law has also changed the risk calculation.


The Privacy Legislation Amendment (Enforcement and Other Measures) Act increased penalties for serious or repeated privacy breaches to the greater of 50 million Australian dollars, three times the benefit obtained from misuse of the data, or 30 percent of a company’s adjusted turnover during the breach period. Combined with a steady rise in notifiable data breaches reported to the OAIC under the Notifiable Data Breaches scheme, cybersecurity is now clearly seen as a governance and compliance issue, not just an IT problem.


For many of our clients at GuardianOne, this has shifted investment towards a few key areas: identity and access management, reliable backup and recovery, continuous monitoring, stronger third-party risk management and well-tested incident response plans. These are the controls that actually reduce legal, regulatory and reputational damage when something inevitably goes wrong.
